Trustworthy Semantic Web Confidentiality Privacy and Trust Prof Bhavani Thuraisingham The University of Texas at Dallas February 2010 Outline of the Unit What are logic and inference rules Why do we need rules Example rules Logic programs Monotonic and Nonmonotoic rules Rule Markup Example Rule Markup in XML Policy Specification Relationship to the Inference and Privacy problems Summary and Directions Confidentiality Privacy and Trust Logic and Inference First order predicate logic High level language to express knowledge Well understood semantics Logical consequence inference Proof systems exist Sound and complete OWL is based on a subset of logic descriptive logic Why Rules RDF is built on XML and OWL is built on RDF We can express subclass relationships in RDF additional relationships can be expressed in OWL However reasoning power is still limited in OWL Therefore the need for rules and subsequently a markup language for rules so that machines can understand Example Rules Studies X Y Lives X Z Loc Y U Loc Z U HomeStudent X i e if John Studies at UTDallas and John is lives on Campbell Road and the location of Campbell Road and UTDallas are Richardson then John is a Home student Note that Person X Man X or Woman X is not a rule in predicate logic That is if X is a person then X is either a man of a woman This can be expressed in OWL However we can have a rule of the form Person X and Not Man X Woman X Monotonic Rules Mother X Y Mother X Y Parent X Y If Mary is the mother of John then Mary is the parent of John Syntax Facts and Rules Rule is of the form B1 B2 Bn A That is if B1 B2 Bn hold then A holds Logic Programming Deductive logic programming is in general based on deduction i e Deduce data from existing data and rules e g Father of a father is a grandfather John is the father of Peter and Peter is the father of James and therefore John is the grandfather of James Inductive logic programming deduces rules from the data e g John is the father of Peter Peter is the father of James John is the grandfather of James James is the father of Robert Peter is the grandfather of Robert From the above data deduce that the father of a father is a grandfather Popular in Europe and Japan Nonmonotonic Rules If we have X and NOT X we do not treat them as inconsistent as in the case of monotonic reasoning For example consider the example of an apartment that is acceptable to John That is in general John is prepared to rent an apartment unless the apartment ahs less than two bedrooms is does not allow pets etc This can be expressed as follows Acceptable X Bedroom X Y Y 2 NOT Acceptable X NOT Pets X NOT Acceptable X Note that there could be a contradiction But with nonmotonic reasoning this is allowed Rule Markup The various components of logic are expressed in the Rule Markup Language RuleML Both monotonic and nonmonotnic rules can be represented Example representation of Fact P a a is a parent fact atom predicate p predicate term const a const term atom fact Policies in RuleML fact atom predicate p predicate term const a const term atom Level L fact Example Policies Temporal Access Control After 1 1 05 only doctors have access to medical records Role based Access Control Manager has access to salary information Project leader has access to project budgets but he does not have access to salary information What happens is the manager is also the project leader Positive and Negative Authorizations John has write access to EMP John does not have read access to DEPT John does not have write access to Salary attribute in EMP How are conflicts resolved Privacy Policies Privacy constraints processing Simple Constraint an attribute of a document is private Content based constraint If document contains information about X then it is private Association based Constraint Two or more documents taken together is private individually each document is public Release constraint After X is released Y becomes private Augment a database system with a privacy controller for constraint processing System Architecture for Access Control Pull Query User RuleMLAccess Policy base Push result RuleMFAdmin Credential base RuleML Data Documents Admin Tools RuleML Data Management Data is presented as RuleML documents Query language Logic programming based Policies in RuleML Reasoning engine Use the one developed for RuleML Inference Privacy Control Technology By UTD Interface to the Semantic Web Inference Engine Rules Processor Policies Ontologies Rules Rule based Data Management Rules Data Summary and Directions Rules have expressive and reasoning power Handles some of the inadequacies of OWL Both monotonic and nonromantic reasoning Logic programming based Policies specified in RulesML Need to build an integrated system Other rules SWRL semantic web rules language CPT Confidentiality Privacy and Trust Before I as a user of Organization A send data about me to organization B I read the privacy policies enforced by organization B If I agree to the privacy policies of organization B then I will send data about me to organization B If I do not agree with the policies of organization B then I can negotiate with organization B Even if the web site states that it will not share private information with others do I trust the web site Note while confidentiality is enforced by the organization privacy is determined by the user Therefore for confidentiality the organization will determine whether a user can have the data If so then the organization van further determine whether the user can be trusted What is Privacy Medical Community Privacy is about a patient determining what patient medical information the doctor should be released about him her Financial community A bank customer determine what financial information the bank should release about him her Government community FBI would collect information about US citizens However FBI determines what information about a US citizen it can release to say the CIA Some Privacy concerns Medical and Healthcare Employers marketers or others knowing of private medical concerns Security Allowing access to individual s travel and spending data Allowing access to web surfing behavior Marketing Sales and Finance Allowing access to individual s purchases Data Mining as a Threat to Privacy Data mining gives us facts that are not obvious to human analysts of the data Can general trends across individuals be determined without revealing information about individuals Possible threats Combine